Objective

You have a server, a Raspberry Pi, a cloud instance or something else running on Linux and you want to follow your logs the easy way? You have never installed a log collector and you're new to Graylog?

Then this guide is for you!

In this guide we will show you how to send logs from your Linux instance to Logs Data Platform. Don't be afraid, it will be easier than you think.

Requirements

A Linux-based instance (server, VPS, cloud instance, Raspberry Pi, ...). The command lines in this tutorial are for Debian 8.

Instructions

Why?

On Linux, logs are generated automatically for a wide variety of events: RAM usage, file downloads, login attempts, network failures, ... almost everything. But logs can be difficult to read without proper tools. With this platform, you'll be able to sort logs and create fancy dashboards.

What are logs?

Here are some example logs from an OVH Public Cloud instance on Debian 8:

Conclusion: lots of info, each line with a date, a process and a description, but hard to follow.

Configure your Account

The first thing to do is to configure your Logs Data Platform account: order a plan (we have free plans ;-), create your user, a stream and a dashboard, and verify that everything already works perfectly. We wrote an independent guide for this; please read it and come back here afterwards: Quick start. Good? Let's go to step #4 then!

Install and configure a log collector

So let's assume you have your Linux. This guide DOES NOT fully cover how to configure other flavors of syslog or other OSs. Please refer to their own documentation to learn how to set up a template and an external destination for the logs. You can still read this entire document to get a grasp of how the template is built. This configuration should work on any syslog-ng version above 3.0.

We will install a log collector. What's this? It's a tool that collects logs from any source, processes them and delivers them to various destinations, like the Logs Data Platform.

In this guide we will install syslog-ng:

Log in your Linux

Install syslog-ng

Check that your syslog-ng version is above 3.0 (use syslog-ng --version for that).

ubuntu@server:~$ sudo apt-get install syslog-ng

Once it's done, we will configure it to collect system logs and deliver them to the platform.

Open the syslog-ng configuration file (root privileges are needed to write under /etc):

ubuntu@server:~$ sudo nano /etc/syslog-ng/syslog-ng.conf

Remove the text in it and copy-paste this configuration. Don't forget to replace the token with yours.

SOURCES: these are the log sources to collect. Here, we collect the System and Internal sources. More sources can be added, of course!

TEMPLATE: logs are delivered to the platform formatted according to this template, which makes them much easier for Graylog to understand.

DESTINATION: this is where the logs are delivered, in near real time. Here we have two destinations: the first is the remote endpoint in Logs Data Platform, the second one is local. Retrieve the correct endpoint for RFC 5424 by going to your manager and heading to the About page. The local destination writes a new log file on the instance so you can check that logs are properly sent; it is optional, of course, and you can safely remove it once everything works. As you can see, the remote destination uses the template while the local destination does not.
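As an added illustration of the three sections described above (this is an example written for this guide, not the platform's own configuration), here is a minimal syslog-ng.conf with a System and Internal source, an RFC 5424 template carrying the token, and the two destinations. The endpoint, the port, the token placeholder and the structured-data element name used to carry the token are assumptions: take the exact values from the About page of your manager.

```conf
@version: 3.5
@include "scl.conf"

# SOURCES: local system logs (syslog socket, kernel) plus syslog-ng's own internal messages.
source s_src {
    system();
    internal();
};

# TEMPLATE: RFC 5424 framing with the platform token carried as structured data.
# ASSUMPTION: the SD-ID (exampleSDID@32473, the RFC 5424 documentation enterprise
# number) and the X-OVH-TOKEN parameter name are placeholders; use the exact
# format your About page gives you. Replace <YOUR_TOKEN> with your stream's token.
template t_ldp_rfc5424 {
    template("<${PRI}>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} ${MSGID} [exampleSDID@32473 X-OVH-TOKEN=\"<YOUR_TOKEN>\"] ${MSG}\n");
    template_escape(no);
};

# DESTINATION 1: the remote endpoint, using the template. TLS keeps the token
# (which is a write credential for your stream) off the wire in clear text.
# <YOUR_ENDPOINT> and port 6514 (the standard syslog-over-TLS port) are placeholders.
# On syslog-ng 3.0 to 3.3 the network() driver does not exist yet: use tcp() instead.
destination d_ldp {
    network("<YOUR_ENDPOINT>"
        port(6514)
        transport("tls")
        tls(peer-verify(required-trusted) ca-dir("/etc/ssl/certs"))
        template(t_ldp_rfc5424)
    );
};

# DESTINATION 2: optional local file, no template, only to verify that logs are flowing.
# Remove it (and its destination() line below) once everything is fine.
destination d_local_check {
    file("/var/log/syslog-ng-ldp-check.log");
};

# Wire the source to both destinations.
log {
    source(s_src);
    destination(d_ldp);
    destination(d_local_check);
};
```

After restarting syslog-ng, a growing /var/log/syslog-ng-ldp-check.log confirms collection works locally, while the stream in your Graylog dashboard confirms the remote delivery and the token.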
